Implications for new Cyber Security Executive Order

In the wake of the Colonial Pipeline breach, there are big changes coming to our industry. As many of you may know, this week the White House released a comprehensive Executive Order (EO) that charts a new path forward with regard to standardization of cyber security best practices across government and private industry in the United States. The full text of that order can be found here: https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/

Key take-aways from the EO include the following:

  • Improved and mandated threat and intrusion information sharing between private industry and the federal government.  This will include mandated communication by private industry to the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) following a breach. Failure to comply will result in suspension of a company’s ability to do business with the U.S. government for a set period of time.
  • New mandate for “Zero Trust Architecture; accelerated movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); centralized and streamlined access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks.”  It probably goes without saying that DefendEdge and our SiON SaaS platform can fill this requirement for you.
  • New mandate for National Institute of Standards and Technology (NIST) compliance for any company doing business with the federal government. DefendEdge can provide comprehensive NIST and SOC 2 preparation and inspection services which will enable your companies to rapidly achieve NIST compliance.
  • New mandate for nation-wide adoption of multifactor authentication and encryption of data at rest and in transit. This provision will apply to every company doing business with the federal government. We expect this requirement to quickly flow down to state governments and localities as well.
  • New software security guidelines will be issued within 180 days. This provision is a response to the recent SolarWinds hacks.
  • Establishment of the Cyber Safety Review Board.  This board will closely resemble the functions and authorities of the National Transportation Safety Board.  In other words, expect this board to be the “stick” in the “stick and carrot” efforts by the federal government to improve nation-wide cyber security practices.

These are just the wavetops of the EO, and precise requirements and regulations will be rolling out within the next 90-180 days.

DefendEdge provides companies with a platinum level of cyber security services and expert incident response.  We stand ready to assist you as our nation finally begins to establish the regulatory framework and authorities that will standardize cyber security “best practices” in the U.S.